-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday 31 January 2004 11:49, Todd wrote: > I have a policy question. How many verifications are considered > enough to push out an update? I'd almost finished verifying these > packages on all three redhat releases when this came out. I'd checked > the bugzilla entry regularly to make sure that there weren't already > several gpg signed verifications. There was, and still is, only one > that I can see. It seems to me that more than one should be required > before pushing the update (not that I disagree with Christian's > verification, I was about to add a similar entry to bugzilla). Usually it's one per release. There were two un-signed verifies for 7.3, so I took that as one verified (plus I did my own verification on 7.3). > Clarification on what the policy is would be appreciated. It might > save some time for folks working on verifying packages. > > > SHA1 sum Package Name > > ---------------------------------------------------------------------- > >----- a10c0d99cd919f459a25fdb5562d6907667b33d3 > > 7.2/updates/SRPMS/tcpdump-3.6.3-17.7.2.4.legacy.src.rpm > > e3777ee05d6b57a81fa08a96b64aa45a0758e42f > > 7.2/updates/i386/tcpdump-3.6.3-17.7.2.4.legacy.i386.rpm > > 795dd99495f288aacea6a8775e9aba8eb801e570 > > 7.2/updates/i386/libpcap-0.6.2-17.7.2.4.legacy.i386.rpm > > 8e860cb231b7dd59345c2f82531d527ca78090b5 > > 7.2/updates/i386/arpwatch-2.1a11-17.7.2.4.legacy.i386.rpm > > There's a minor formatting problem with the SHA1 sums. They always > wrap improperly. Can this be fixed? It not only looks messy, it > makes for more work if someone actually wants to copy and paste this > data into a file so they can check the sums. I don't know how many > people do this, I use the gpg sigs instead, but someone must -- else > they're just wasting space and can be removed entirely. Can't. Email client forces lines to be wrapped, either when sent or when received. In the future, when these have a web based counterpart, they'll be unwrapped. - -- Jesse Keating RHCE (http://geek.j2solutions.net) Fedora Legacy Team (http://www.fedoralegacy.org) Mondo DevTeam (www.mondorescue.org) GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFAHBHW4v2HLvE71NURAqF3AKCvDpKkY1cPDxqjMU9tQmKt1U3HcgCgp+ql Shn84VaopSc+LDEX+IK/Crk= =usze -----END PGP SIGNATURE-----
